© 2015 Imperva, Inc. All rights reserved.
10 Audit Trail Tips for Better Data Security Mike Sanders, Principal SE and Team Lead, Imperva Cheryl O’Neill, Product Marketing Director, Imperva
July 22,2015
© 2015 Imperva, Inc. All rights reserved.
Speakers
2
Cheryl O’Neill Product Marketing Director, Data
Mike Sanders Principal SE and Team Lead, Imperva
© 2015 Imperva, Inc. All rights reserved.
BrightTalk Incident Response and Data Protection Summit
• Database Security, Better Audits, Lower Costs | View recording • 10 Audit Trail Tips for Better Data Security
• Sophisticated Incident Response Requires Sophisticated Activity Monitoring | Register
3
Access webinars: http://www.imperva.com/Resources/Videos
© 2015 Imperva, Inc. All rights reserved.
Audit should be easy – just turn it on
4
© 2015 Imperva, Inc. All rights reserved.
1. Have a good plan
• Understand what is needed • Obtain stakeholder buy-in early • Know the budget • Stick to the plan
ü Why�ü Scope�ü What�ü When�ü Who�ü How�ü Budget�
5
© 2015 Imperva, Inc. All rights reserved.
2. Know the data
• Understand where the data is • Understand what the data is • Understand who has access to the data
6
© 2015 Imperva, Inc. All rights reserved.
3. Start with your results in mind
• Who needs what, when • Leverage automation • Incident response readiness • Be agile
7
© 2015 Imperva, Inc. All rights reserved.
4. Implement a universal platform
• 100’s – 10,000’s of databases
• Versatile policy templates
• Compatible with existing infrastructure and processes
REGULATIONS Monetary Authority
of Singapore
sox IB-TRM
HITECH
PCI-DSS EU Data Protection Directive
NCUA 748
FISMA
GLBA
HIPAA
Financial Security Law of France
Italy’s L262/2005
India’s Clause 49 BASEL II
8
© 2015 Imperva, Inc. All rights reserved.
5. Audit what matters
Privileged Users
Sensitive Data
Ethical Walls
Change Controls
9
© 2015 Imperva, Inc. All rights reserved.
6. Don’t audit what doesn’t matter
• Exclude routine access • Exclude system processes • Varying degrees of verbosity
10
© 2015 Imperva, Inc. All rights reserved.
7. Don’t forget YOUR data
• See the forest for the trees – Don’t get so focused on any detail to miss the point of
audit
• Employee data • Confidential information
11
© 2015 Imperva, Inc. All rights reserved.
8. Constantly think security
• Distinguish normal from abnormal • Pay attention to access rights • Assess your vulnerabilities
12
© 2015 Imperva, Inc. All rights reserved.
9. Make sure it all works
• Test it • Test it • Test it
** This is a Test **!
13
© 2015 Imperva, Inc. All rights reserved.
10. Look to the future
• Big Data projects • Data migration to the cloud • Future releases of platforms
14
© 2015 Imperva, Inc. All rights reserved.
For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA [email protected]
15
16